Contributed by rueda on from the set-in-stone dept.
In a long series of commits,
Theo de Raadt (deraadt@
)
has added support for the immutable memory mappings
on which we
reported earlier.
We see:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2022/10/06 21:20:58 Modified files: sys/sys : exec_elf.h Log message: Add identifiers for the new "mutable bss" section, ".openbsd.mutable" is 0x65a3dbe5. Also add PF_MUTABLE as a segment flag for later use.
and:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2022/10/06 23:01:44 Modified files: sys/uvm : uvm.h Log message: new UVM_ET_IMMUTABLE flag marks a uvm entry as immutable.
and:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2022/10/07 08:59:39 Modified files: sys/kern : exec_subr.c kern_exec.c kern_pledge.c kern_resource.c syscalls.master sys/sys : mman.h sys/arch/mips64/mips64: trap.c sys/uvm : uvm_extern.h uvm_io.c uvm_map.c uvm_map.h uvm_mmap.c Log message: Add mimmutable(2) system call which locks the permissions (PROT_*) of memory mappings so they cannot be changed by a later mmap(), mprotect(), or munmap(), which will error with EPERM instead. ok kettenis
and:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2022/10/07 09:04:52 Modified files: gnu/llvm/lld/ELF: ScriptParser.cpp Writer.cpp gnu/llvm/llvm/include/llvm/BinaryFormat: ELF.h gnu/usr.bin/binutils/bfd: elf.c gnu/usr.bin/binutils/binutils: readelf.c gnu/usr.bin/binutils/include/elf: common.h gnu/usr.bin/binutils/ld: ldgram.y gnu/usr.bin/binutils-2.17/bfd: elf.c gnu/usr.bin/binutils-2.17/binutils: readelf.c gnu/usr.bin/binutils-2.17/include/elf: common.h gnu/usr.bin/binutils-2.17/ld: ldgram.y Log message: In the linkers, collect objects in section "openbsd.mutable" and place them into a page-aligned region in the bss, with the right markers for kernel/ld.so to identify the region and skip making it immutable. While here, fix readelf/objdump versions to show all of this. ok miod kettenis
and:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2022/10/07 09:21:04 Modified files: lib/libc : Symbols.list shlib_version lib/libc/hidden/sys: mman.h lib/libc/sys : Makefile.inc mmap.2 mprotect.2 munmap.2 Added files: lib/libc/sys : mimmutable.2 Log message: Add mimmutable(2) libc stub, add & adjust manual pages, and crank the minor. ok kettenis
and:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2022/10/07 09:22:10 Modified files: usr.sbin/procmap: procmap.1 procmap.c Log message: Show the entry immutable bit in the various output formats.
These commits provide an early preview of what could be one of the major changes in a future release, likely OpenBSD 7.3. Testing, early and often, is always welcome.
(Comments are closed)
By rueda (rueda) on
Some more commits.